Bug#503173: set correct PAX flags with paxctl as package default on i386 and amd64
Christoph Scheurer
christoph.scheurer at ch.tum.de
Tue Jan 18 04:25:51 UTC 2011
Hello,
I also regularly fix this problem (bugs 609602,503173) by setting the required
PAX flags on the respective grub binaries from grub-common and grub-pc with
paxctl:
paxctl -cpsm /usr/sbin/grub-setup
paxctl -cpsm /usr/sbin/grub-mkdevicemap
paxctl -cpsm /usr/sbin/grub-probe
It would be helpful if this could be the default in grub-pc and grub-common so
these settings don't get lost on every update of these packages.
An additional benefit of including this for the packaged binaries would be
that debsums does not report errors for these binaries anymore (paxctl changes
the program header and thus the checksum) as on a grsec-secured system I
prefer to have the "correct" default debsums on all binaries.
Regards,
--
Christoph Scheurer GnuPG key Id: 0x6128C6B6
contact: http://www.theo.ch.tum.de/homepages/scheurer/
More information about the Pkg-grub-devel
mailing list